[PCI DSS 1.x] 8.3 Implement two-factor authentication for remote access to the network by employees, administrato

8.3 To verify that two-factor authentication is implemented for all remote network access, observe an employee (for example, an administrator) connecting remotely to the network and verify that both a password and an additional authentication item (Smart card, token PIN) are required.

Is two-factor authentication required when direct access to the cardholder data environment from the VPN is prohibited?
To gain access to the cardholder data environment via VPN, users will connect via VPN, then use remote desktop to authenticate to an internal office computer.
Thank you

What does remote network access mean?

Does remote access mean:

  1. Connecting to your office network from internet using VPN, Dial-up etc.
  2. Connecting to the Systems in one VLAN (e.g. server vlan) from other VLAN (IT VLAN/Admin VLAN) within the same organisational network.

Remote access is when you connect from outside the premises (without any physical security).

This includes VPN access and WiFi hotspot.

Remote access from other offices, over a LAN-to-LAN network, is not considered remote access in 8.3.

Best regards, Mark from PCI Initiative